Protection for sensitive files when using Apache on an HFS+ volume

Posted on March 6, 2008. Filed under: Apache, Hosting, Leopard, OSX, Servers | Tags: , , , |

Security Update 2004-12-02 makes changes to the httpd.conf file. After a successful update, the Apache configuration file will deny access to the following files:

  • */..namedfork/data
  • */..namedfork/rsrc
  • */rsrc
  • rsrc
  • .ht* (case insensitive)
  • .ds_s* (case insensitive)

Warnings:

  1. The configuration changes that block named-fork exposure apply only to the default webserver, apache1. If you’ve chosen to use Apache2, it’s recommended that you serve content from a UFS volume.
  2. For important related information, see “mod_hfs_apple” protects web content against case insensitivity in the HFS file system. (more…)
Advertisements
Read Full Post | Make a Comment ( 1 so far )

  • Blog Stats

    • 159,671 hits
  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 21 other followers

Liked it here?
Why not try sites on the blogroll...